Lucene search
K

741 matches found

Snyk
Snyk
β€’added 2026/04/24 4:31 p.m.β€’5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/24 4:31 p.m.β€’6 views

Insufficient Verification of Data Authenticity

Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/24 4:31 p.m.β€’4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/24 4:31 p.m.β€’4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/24 4:31 p.m.β€’5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
β€’added 2026/04/22 12:26 p.m.β€’2 views

Insufficient Verification of Data Authenticity

Overview org.springframework.security:spring-security-oauth2-jose is a provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...

6.5CVSS5.5AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/16 10:48 p.m.β€’16 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/04/16 10:48 p.m.β€’9 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/04/09 5:37 p.m.β€’5 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the fetchWithSsrFGuard function. An attacker can cause unsafe request bodies or headers to be resent across cross-origin redirects by...

7.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/04/08 12:8 a.m.β€’4 views

Insufficient Verification of Data Authenticity

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the ipn.php process. An attacker can repeatedly increase their wallet balance and renew subscriptions by...

7.1CVSS5.8AI score0.0017EPSS
Exploits0References2
Patchstack
Patchstack
β€’added 2026/04/07 10:42 p.m.β€’7 views

WordPress Charitable plugin <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability

Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability discovered by AndrΓ©s Cruciani in WordPress Plugin Charitable versions = 1.8.9.7...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References1Affected Software1
EUVD
EUVD
β€’added 2026/04/07 9:31 a.m.β€’3 views

EUVD-2026-19584

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Cvelist
Cvelist
β€’added 2026/04/07 7:40 a.m.β€’24 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
β€’added 2026/04/07 7:40 a.m.β€’4 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
CVE
CVE
β€’added 2026/04/07 7:40 a.m.β€’14 views

CVE-2026-3177

The CVE-2026-3177 entry describes a vulnerability in the Charitable – Donation Plugin for WordPress (Fundraising with Recurring Donations & More) for WordPress, affecting versions up to and including 1.8.9.7. The root cause is insufficient verification of data authenticity for incoming Stripe web...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
β€’added 2026/04/07 7:40 a.m.β€’2 views

CVE-2026-3177

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/04/07 12:0 a.m.β€’15 views

PT-2026-30800

Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References6
Snyk
Snyk
β€’added 2026/04/04 6:26 a.m.β€’4 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw β€” Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OAuth flow, where the PKCE verifier is reused as the OAuth state value and reflected back in the redirect URL. An attacker can obtai...

8CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
β€’added 2026/04/03 2:44 a.m.β€’3 views

Insufficient Verification of Data Authenticity

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
Snyk
Snyk
β€’added 2026/04/03 2:44 a.m.β€’2 views

Insufficient Verification of Data Authenticity

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
Rows per page
Query Builder